Cassidy: Target hack signals that the privacy war is over − and we lost

In the battle to keep what's personal to ourselves, we are unarmed. Sure, this has been going on for awhile -- websites, stores, the government; collecting every scrap of information about us whether we like it or not. Or whether we know it or not.

Which is bad. But then spreading that information around the way a drunk spreads dollar bills around the corner tavern is even worse. It's not just that our personal information -- credit card numbers, email addresses, phone numbers, PIN numbers and God knows what else, aren't solely ours anymore. It's that they are everybody else's now.

Recent news about a massive data breach at Target, one of the country's biggest retailers, has given a whole new meaning to the term "being targeted." The store has put a big red bull's-eye on many of our backs by losing track of personal information belonging to perhaps as many as 110 million customers. Anytime a retailer's systems are hacked and cyberthieves make off with data belonging to a group that could number more than one-third of the U.S. population, I think we can all agree we've got a problem.

"It's become a much more difficult job as technology advances," Paul Stephens, of the Privacy Rights Clearinghouse, says of keeping track of how we're being kept track of. "It's sometimes not quite as easy to discover how our personal information is being leaked."

Advertisement

And so we grow anxious, suspicious and a little paranoid. A month ago I would have chuckled at those having a conniption because information giant Google (GOOG) bought Nest, the maker of sleek -- and smart -- thermostats and smoke detectors. Because the devices track our movements and behavior to better control our home environment, some have said they worry about data-happy Google tracking every move we make -- literally.

Nest has said the data that the smart devices collect will only be used to improve the company's products. But if you tend toward the chilly side and you suddenly start spotting ads for fuzzy sweaters in your Gmail box, you might want to check back with the Nest folks.

Me? I've gone through the three stages of privacy protection concern.

Stage One: How much could any entity really know about me and who cares who finds out about it?

Stage Two: They know that? And that? And they're giving it/losing it to whom?

Stage Three: The privacy war is over and we lost.

Just last week the Wall Street Journal reported on a growing field: Companies that use Wi-Fi signals from your smartphone to track your travels through a downtown or a given store, including a startup that has created dossiers "on 2 million people's habits as they have gone about their daily lives, traveling from yoga studios, to restaurants, to coffee shops, sports stadiums, hotels and nightclubs."

The real power for marketers and retailers who rely on all this data comes from combining different batches of it to create a whole you. Let's go back to the Target example and the 110 million -- give or take -- customers who lost little pieces of themselves to hackers. Of course, the company has email address, credit card numbers, debit card numbers. It also has Social Security numbers, driver's license numbers, phone numbers, home addresses, checking account numbers and income figures for those who sign up for Target's own credit and debit cards.

But Target has a lot more.

"Target has probably the most sophisticated data mining program of any retailer," says Stephens, director of policy and advocacy for the San Diego-based privacy clearinghouse. In his 2012 book "The Power of Habit," Charles Duhigg writes about how Target creates Guest ID numbers for shoppers and internally keeps track of their purchases. Then it adds in other information that it collects or buys from other firms, including, Duhigg writes, "the shopper's age, whether they were married and had kids, which part of town they lived in, how long it took them to drive to the store, an estimate of how much money they earned, whether they'd moved recently, which websites they visited, the credit cards they carried in their wallet, and their home and mobile phone numbers."

No one has said yet that the cyberthieves made off with information from the Guest ID files, though when I asked, Target would not address the question directly. The retailer says its investigation is continuing. And Stephens says he's not sure consumers have heard the whole story yet.

"It's certainly entirely possible that the information that Target has data-mined could potentially be included in the breach as well," he says.

Target has said it is taking steps to guard against another major breach. And in full-page newspaper ads last week the company announced a coalition "to help educate the public on the dangers of consumer scams."

It's a nice gesture, but somehow I have a feeling that many Target customers have already learned their lesson.

Contact Mike Cassidy at mcassidy@mercurynews.com or 408-920-5536. Follow him at Twitter.com/mikecassidy.